FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

GitLab -- multiple vulnerabilities

Affected packages
13.4.0 <= gitlab-ce < 13.4.2
13.3.0 <= gitlab-ce < 13.3.7
7.12 <= gitlab-ce < 13.2.10

Details

VuXML ID a3495e61-047f-11eb-86ea-001b217b3468
Discovery 2020-10-01
Entry 2020-10-02

GitLab reports:

Potential Denial Of Service Via Update Release Links API

Insecure Storage of Session Key In Redis

Improper Access Expiration Date Validation

Cross-Site Scripting in Multiple Pages

Unauthorized Users Can View Custom Project Template

Cross-Site Scripting in SVG Image Preview

Incomplete Handling in Account Deletion

Insufficient Rate Limiting at Re-Sending Confirmation Email

Improper Type Check in GraphQL

To-dos Are Not Redacted When Membership Changes

Guest users can modify confidentiality attribute

Command injection on runner host

Insecure Runner Configuration in Kubernetes Environments

References

CVE Name CVE-2020-13327
CVE Name CVE-2020-13332
CVE Name CVE-2020-13333
CVE Name CVE-2020-13334
CVE Name CVE-2020-13335
URL https://about.gitlab.com/releases/2020/10/01/security-release-13-4-2-release/